OWASP ASVS is a great project to provide a framework of security controls for design and define the basis of secure development. But the problem is when you decide to use these checks in your organization, you end up with a 71-page pdf file or an OWASP ASVS checklist (excel sheet). It is incredibly hard for organizations to adapt and spread the word within the company. This is why we decided to implement a feature that gets all the security testing tools results (by CWE) and maps them into OWASP ASVS automatically so you can use it in every aspect of your application security program.

In today's interconnected and technology-driven world, cyber threats have become a significant concern for businesses. With the rise of advanced cyber attacks, data breaches, and cybercriminals, it has become imperative for organizations to implement strong security measures to protect their applications and data. Automated testing tools are the number one go-to solution for security teams trying to scale the discovery of vulnerabilities in their applications. However, as modern software development practices evolve, new attack surfaces emerge and so do new security testing tools that cover different attack surfaces.

As an Application Security (AppSec) leader, one of the most significant challenges you might face is securing management support for your program. This lack of support often results in under-resourced AppSec teams feeling frustrated and unable to make a meaningful impact. To foster an environment where your team feels valued and prevents burnout, AppSec leaders must prioritize gaining additional resources. In many organizations, security tends to climb the priority ladder slowly, requiring AppSec leaders to put in extra effort to secure the necessary approvals. Here are three strategies that can help you win management buy-in and create a better environment for your team.

Anyone who works on application security knows developers are inseparable from AppSec programs. Even so, the hardest part is figuring out how to get security on their agenda and actively involve them in preventing and managing vulnerabilities. Only with their buy-in and active involvement, it is possible to scale an application security program to the level desired by AppSec teams, especially in large enterprises where developers way outnumber security engineers.

Gartner just released the Hype Cycle for Application Security 2022, and the main topic was the rise of application security orchestration and correlation (ASOC) tools. As Kondukto, we have been in "this neighbourhood" for more than 3 years; we want to take the chance to say something about "why you need an ASOC platform". As multiple security technologies need to be used at different stages of the modern software development lifecycle, the findings from various tools are creating an immense complexity for understaffed security teams.

API security is a growing concern for businesses that offer or consume APIs. APIs, or application programming interfaces, allow different software systems to communicate and exchange data. They allow businesses to build integrations and connect with partners, customers, and other stakeholders. However, as more sensitive data is being shared through APIs, it is essential to ensure that these interfaces are secure and protected from unauthorized access or manipulation. In this blog post, we'll discuss how continuous fuzzing can be a powerful tool to secure APIs and how developers can adopt a "secure by default" approach by integrating continuous fuzzing into SDLC processes.

OpenAI is an artificial intelligence research laboratory that surprised the world with ChatGPT. It was founded in San Francisco in late 2015 by Sam Altman and Elon Musk, and many others. ChatGPT grabbed 1M people's attention in the first six days, and unbelievable AI & Human conversations screenshots are still getting shared. We couldn't resist more to see how OpenAI can help developers and application security teams by sharing remediation guidance. Many application security teams manage millions of security issues on Kondukto, which would eventually save them hundreds of hours.